Cloud Browsers like Opera Mini or Amazon Silk Could Be Abused for DDoS Attacks, Password Cracking

Researchers have devised a way in which cloud browsers could be abused

People up to no good on the internet are always looking for new ways of carrying out their "no goodness." To stay one step ahead or at least not that far behind, those looking to stop them need to think like them, which is why proof of concept attacks are important.

Researchers have now devised a method of carrying out DDoS attacks or break cryptographic keys fast and for free, by relying on so-called "cloud browsers," i.e. browsers that offset some of the rendering and page processing to upstream servers.

Opera Mini is the most popular browser of this kind, but is hardly the only one. The Silk browser on the Kindle Fire devices works in the same way, for example.

To speed up browsing, the more intensive tasks are performed by servers leaving the underpowered tablets free to handle other stuff.

The research itself was done using a version of the Puffin mobile browser. The researchers devised a method of splitting big tasks into smaller chunks as well as manipulating several instances of the browser to abuse the cloud behind it.

They could then use the browser to direct DDoS attacks at targets of their choosing, with little to trace it back to them. Common DDoS attacks rely on brute force and need a lot of machines.

This can be achieved by either getting a lot of people behind the cause, like Anonymous sometimes does, or using a botnet, like Anonymous sometimes does. Using a cloud browser makes it possible to carry out an attack with very little resources.

The cloud could also be abused to perform intense computational tasks that would take too much on regular computers. Already, Amazon's cloud service is used for password cracking and similar tasks. The same could be achieved by abusing these cloud browsers.

This is just a proof-of-concept, there are no known abuses of this kind in the wild, but it is an enticing avenue, one that is probably not ignored by hackers and the sort.